home

eFixProPackage.exe

eFix Pro

Reimage Limited

The application eFixProPackage.exe by Reimage Limited has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from ukrep.efix.com and multiple other hosts.
Publisher:
eFix®  (signed by Reimage Limited)

Product:
eFix Pro

Description:
eFix Package

Version:
1.805

MD5:
a923c1c29c33324f053992cea26f0ab4

SHA-1:
6ad688f9acc94c60fa8ffa5e3371135c28606ff2

SHA-256:
d66aa8238671635c2648ca147ed2411a85553f461cdd5ec68f4933cf72daedb1

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/24/2024 8:58:34 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Crossrider1.1621
9.0.1.037

ESET NOD32
Win32/ReImageRepair.E potentially unwanted (variant)
9.11110

IKARUS anti.virus
PUA.ReImageRepair
t3scan.1.8.6.0

Reason Heuristics
PUP.Optional.Reimage
15.2.6.12

Trend Micro House Call
Suspicious_GEN.F47V0118
7.2.37

Vba32 AntiVirus
AdWare.MSIL.OutBrowse
3.12.26.3

File size:
10.7 MB (11,244,104 bytes)

Product version:
1.805

Copyright:
© eFix 2014

Trademarks:
eFix

Original file name:
eFixProPackage.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\efixpropackage.exe

Digital Signature
Signed by:
Reimage Limited

Authority:
VeriSign, Inc.

Valid from:
3/19/2014 1:00:00 AM

Valid to:
6/10/2016 1:59:59 AM

Subject:
CN=Reimage Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Reimage Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3F75B6FA72B8CDE336A61550C70978D2

File PE Metadata
Compilation timestamp:
2/24/2012 8:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:jTuSnl87gsIzMaY59Wc5W7FJOKX8CSR2MIgxcoFmO51LFFRBPHZNO:mSnlvzLYT78N8hzcAmOHHPH

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file eFixProPackage.exe has been seen being distributed by the following 2 URLs.

http://ukrep.efix.com/.../eFixProPackage1805.exe

http://cdn.reimage.com/.../eFixProPackage1805.exe

Remove eFixProPackage.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.